Lynis

Description

Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux/Unix-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determine possible configuration flaws.

Many tests are part of common security guidelines and standards, with on top additional security tests. After the scan a report will be displayed with all discovered findings. To provide you with initial guidance, a link is shared to the related Lynis control.

Usage

Syntax

lynis [option]

Options

    --auditor "<name>"            : Auditor name
    --check-all (-c)              : Check system
    --no-log                      : Don't create a log file
    --profile <profile>           : Scan the system with the given profile file
    --quick (-Q)                  : Quick mode, don't wait for user input
    --tests "<tests>"             : Run only tests defined by <tests>
    --tests-category "<category>" : Run only tests defined by <category>

Layout options:
    --no-colors                   : Don't use colors in output
    --quiet (-q)                  : No output, except warnings
    --reverse-colors              : Optimize color display for light backgrounds

Misc options:
    --check-update                : Check for updates
    --view-manpage (--man)        : View man page
    --version (-V)                : Display version number and quit

Example

cyborg@cyborg:~$ sudo lynis -Q --check-all

[ Lynis 1.3.9 ]

################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See the LICENSE file for details about using this software.

 Copyright 2007-2014 - Michael Boelen, http://cisofy.com
 Enterprise support and plugins available via CISOfy - http://cisofy.com
################################################################################

[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Clearing log file (/var/log/lynis.log)...                 [ DONE ]

  ---------------------------------------------------
  Program version:           1.3.9
  Operating system:          Linux
  Operating system name:     Ubuntu
  Operating system version:  14.04
  Kernel version:            3.16.0-28-generic
  Hardware platform:         x86_64
  Hostname:                  cyborg
  Auditor:                   [Unknown]
  Profile:                   /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  ---------------------------------------------------


[+] System Tools
------------------------------------
  - Scanning available tools...
  - Checking system binaries...
    - Checking /bin...                                        [ FOUND ]
    - Checking /sbin...                                       [ FOUND ]
    - Checking /usr/bin...                                    [ FOUND ]
-i used with no filenames on the command line, reading from STDIN.
    - Checking /usr/sbin...                                   [ FOUND ]
    - Checking /usr/local/bin...                              [ FOUND ]
    - Checking /usr/local/sbin...                             [ FOUND ]
    - Checking /usr/local/libexec...                          [ FOUND ]
    - Checking /usr/libexec...                                [ NOT FOUND ]
    - Checking /usr/sfw/bin...                                [ NOT FOUND ]
    - Checking /usr/sfw/sbin...                               [ NOT FOUND ]
    - Checking /usr/sfw/libexec...                            [ NOT FOUND ]
    - Checking /opt/sfw/bin...                                [ NOT FOUND ]
    - Checking /opt/sfw/sbin...                               [ NOT FOUND ]
    - Checking /opt/sfw/libexec...                            [ NOT FOUND ]
    - Checking /usr/xpg4/bin...                               [ NOT FOUND ]
    - Checking /usr/css/bin...                                [ NOT FOUND ]
    - Checking /usr/ucb...                                    [ NOT FOUND ]
    - Checking /usr/X11R6/bin...                              [ NOT FOUND ]

[+] Boot and services
------------------------------------
  - Checking boot loaders
    - Checking presence GRUB2...                              [ FOUND ]
    - Checking presence LILO...                               [ NOT FOUND ]
    - Checking boot loader SILO                               [ NOT FOUND ]
    - Checking boot loader YABOOT                             [ NOT FOUND ]
  - Check services at startup (rc2.d)...                      [ DONE ]
    Result: found 25 services
  - Check startup files (permissions)...                      [ OK ]

[+] Kernel
------------------------------------
  - Checking default run level...                             [ RUNLEVEL 2 ]
  - Checking CPU support (NX/PAE)
    CPU support: PAE and/or NoeXecute supported               [ FOUND ]
  - Checking kernel version and release                       [ DONE ]
  - Checking kernel type                                      [ DONE ]
  - Checking loaded kernel modules                            [ DONE ]
      Found 51 active modules
  - Checking Linux kernel configuration file...               [ FOUND ]



		
	
	
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?